forked from pool/firewalld
Accepting request 399451 from security:netfilter
1 OBS-URL: https://build.opensuse.org/request/show/399451 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firewalld?expand=0&rev=7
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
fdb9172654
40
0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
Normal file
40
0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
Normal file
@ -0,0 +1,40 @@
|
||||
From 705742816112dffefd3233f2c8dda7c845c6e8b3 Mon Sep 17 00:00:00 2001
|
||||
From: Markos Chandras <mchandras@suse.de>
|
||||
Date: Tue, 31 May 2016 10:08:28 +0100
|
||||
Subject: [PATCH] src: firewall: core: Drop unneeded python shebangs
|
||||
|
||||
The fw_ifcfg and fw_nm files are not supposed to be executed as
|
||||
standalone files but rather imported by the main firewalld code so drop
|
||||
the python shebangs. This also fixes a warning when building firewalld
|
||||
in openSUSE OBS:
|
||||
|
||||
firewalld.noarch: W: non-executable-script
|
||||
/usr/lib/python2.7/site-packages/firewall/core/fw_nm.py 644 /usr/bin/python
|
||||
firewalld.noarch: W: non-executable-script
|
||||
/usr/lib/python2.7/site-packages/firewall/core/fw_ifcfg.py 644 /usr/bin/python
|
||||
---
|
||||
src/firewall/core/fw_ifcfg.py | 1 -
|
||||
src/firewall/core/fw_nm.py | 1 -
|
||||
2 files changed, 2 deletions(-)
|
||||
|
||||
diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py
|
||||
index 442a6cc..33794a7 100644
|
||||
--- a/src/firewall/core/fw_ifcfg.py
|
||||
+++ b/src/firewall/core/fw_ifcfg.py
|
||||
@@ -1,4 +1,3 @@
|
||||
-#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Copyright (C) 2010-2016 Red Hat, Inc.
|
||||
diff --git a/src/firewall/core/fw_nm.py b/src/firewall/core/fw_nm.py
|
||||
index 38ef8fd..3df94c4 100644
|
||||
--- a/src/firewall/core/fw_nm.py
|
||||
+++ b/src/firewall/core/fw_nm.py
|
||||
@@ -1,4 +1,3 @@
|
||||
-#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Copyright (C) 2010-2016 Red Hat, Inc.
|
||||
--
|
||||
2.8.3
|
||||
|
||||
@ -0,0 +1,35 @@
|
||||
From 9ed2c18357d45f8ec1f11723a1d98377387c1039 Mon Sep 17 00:00:00 2001
|
||||
From: Markos Chandras <mchandras@suse.de>
|
||||
Date: Tue, 31 May 2016 11:14:06 +0100
|
||||
Subject: [PATCH] firewall: core: fw_ifcfg: Quickly return if ifcfg directory
|
||||
does not exist
|
||||
|
||||
It's possible for the ifcfg directory to be missing or named differently
|
||||
so do not try to access it if it does not exist. This avoid warnings
|
||||
during firewalld start up like the following one:
|
||||
|
||||
ERROR: Calling post func <function ifcfg_set_zone_of_interface at
|
||||
0x7fb2f0d4fc80> (('', 'enp3s0')) failed: [Errno 2] No such file or
|
||||
directory: '/etc/sysconfig/network-scripts'
|
||||
---
|
||||
src/firewall/core/fw_ifcfg.py | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/firewall/core/fw_ifcfg.py b/src/firewall/core/fw_ifcfg.py
|
||||
index 33794a7..0b049a6 100644
|
||||
--- a/src/firewall/core/fw_ifcfg.py
|
||||
+++ b/src/firewall/core/fw_ifcfg.py
|
||||
@@ -32,6 +32,10 @@ from firewall.core.io.ifcfg import ifcfg
|
||||
def search_ifcfg_of_interface(interface):
|
||||
"""search ifcfg file for the interface in config.IFCFGDIR"""
|
||||
|
||||
+ # Return quickly if config.IFCFGDIR does not exist
|
||||
+ if not os.path.exists(config.IFCFGDIR):
|
||||
+ return None
|
||||
+
|
||||
filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface)
|
||||
if os.path.exists(filename):
|
||||
ifcfg_file = ifcfg(filename)
|
||||
--
|
||||
2.8.3
|
||||
|
||||
4
_service
4
_service
@ -1,7 +1,7 @@
|
||||
<services>
|
||||
<service name="verify_file" mode="localonly">
|
||||
<param name="file">firewalld-0.4.1.2.tar.bz2</param>
|
||||
<param name="file">firewalld-0.4.2.tar.bz2</param>
|
||||
<param name="verifier">sha1</param>
|
||||
<param name="checksum">c7f3d04bd115b9a56a95fc7aee1a6d10559d2690</param>
|
||||
<param name="checksum">d730129f592059ee97fc158861b44f8e7b201027</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
From 497bb64353948ee18e402bcb00265708e0877ac0 Mon Sep 17 00:00:00 2001
|
||||
From: Markos Chandras <mchandras@suse.de>
|
||||
Date: Tue, 12 Jan 2016 11:47:45 +0000
|
||||
Subject: [PATCH] config: firewalld.service: Drop Standard{Output,Error}
|
||||
|
||||
Drop the Standard{Output,Error}=null options so we can use the system
|
||||
logger to find out what firewalld is doing. It also helps when using
|
||||
--debug in /etc/sysconfig/firewalld as well
|
||||
---
|
||||
Upstream PR: https://github.com/t-woerner/firewalld/pull/67
|
||||
---
|
||||
config/firewalld.service.in | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/config/firewalld.service.in b/config/firewalld.service.in
|
||||
index 08afe5b..3918835 100644
|
||||
--- a/config/firewalld.service.in
|
||||
+++ b/config/firewalld.service.in
|
||||
@@ -9,9 +9,6 @@ Conflicts=iptables.service ip6tables.service ebtables.service ipset.service
|
||||
EnvironmentFile=-/etc/sysconfig/firewalld
|
||||
ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
-# supress to log debug and error output also to /var/log/messages
|
||||
-StandardOutput=null
|
||||
-StandardError=null
|
||||
Type=dbus
|
||||
BusName=org.fedoraproject.FirewallD1
|
||||
|
||||
--
|
||||
2.6.2
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c444c2d9dfbd4036e3a5508824655d729acd6fb633d90cc0e99903d53b6654fa
|
||||
size 604940
|
||||
3
firewalld-0.4.2.tar.bz2
Normal file
3
firewalld-0.4.2.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:329e44b7d8de2400222d602d6c87c368865531ffe4004c392803dbe55717068e
|
||||
size 649581
|
||||
@ -1,3 +1,58 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue May 31 08:30:44 UTC 2016 - mchandras@suse.de
|
||||
|
||||
- Update to version 0.4.2
|
||||
* New module to search for and change ifcfg files for interfaces
|
||||
not under control of NM
|
||||
* firewall_config: Enhanced messages in status bar
|
||||
* firewall-config: New message window as overlay if not connected
|
||||
* firewall-config: Fix sentivity of option, view menus and main
|
||||
paned if not connected
|
||||
* firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls,
|
||||
some cleanup
|
||||
* firewall-[offline]cmd: Show target in zone information
|
||||
* D-Bus: Completed masquerade methods in FirewallClientZoneSettings
|
||||
* Fixed log-denied rules for icmp-blocks
|
||||
* Keep sorting of interfaces, services, icmp-blocks and other
|
||||
settings in zones
|
||||
* Fixed runtime-to-permanent not to save interfaces under control
|
||||
of NM
|
||||
* New icmp-block-inversion flag in the zones
|
||||
* ICMP type filtering in the zones
|
||||
* New services: sip, sips, managesieve
|
||||
* rich rules: Allow destination action (RHBZ#1163428)
|
||||
* firewall-offline-cmd: New option -q/--quiet
|
||||
* firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file
|
||||
* firewall-[offline-]cmd: Fix option for setting the destination
|
||||
address
|
||||
* firewall-config: Fixed resizing behaviour
|
||||
* New transaction model for speed ups in start, restart, stop and
|
||||
other actions
|
||||
* firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults
|
||||
* Fixed memory leak in dbus_introspection_add_properties
|
||||
* Landscape.io fixes, pylint calm downs
|
||||
* New D-Bus getXnames methods to speed up firewall-config and firewall-cmd
|
||||
* ebtables-restore: No support for COMMIT command
|
||||
* Source port support in services, zones and rich rules
|
||||
* firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets
|
||||
* firewall-config: New active bindings side bar for simple binding changes
|
||||
* Reworked NetworkManager module
|
||||
* Proper default zone handling for NM connections
|
||||
* Try to set zone binding with NM if interface is under control of NM
|
||||
* Code cleanup and bug fixes
|
||||
* Include test suite in the release and install in /usr/share/firewalld/tests
|
||||
* New Travis-CI configuration file
|
||||
* Fixed more broken frensh translations
|
||||
* Translation updates
|
||||
- Add upstream patches
|
||||
* 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch: Removes
|
||||
unneeded python shebangs
|
||||
* 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch: Do
|
||||
not try to access the network-scripts ifcfg directory.
|
||||
- Drop rejected patch
|
||||
* drop-standard-output-error-systemd.patch
|
||||
- Minor spec file clean-up
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 6 20:56:42 UTC 2016 - jengelh@inai.de
|
||||
|
||||
|
||||
@ -17,17 +17,19 @@
|
||||
|
||||
|
||||
Name: firewalld
|
||||
Version: 0.4.1.2
|
||||
Version: 0.4.2
|
||||
Release: 0
|
||||
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
|
||||
License: GPL-2.0+
|
||||
Group: Productivity/Networking/Security
|
||||
Url: http://www.firewalld.org
|
||||
Source: https://fedorahosted.org/released/%{name}/%{name}-%{version}.tar.bz2
|
||||
# PATCH-FIX-OPENSUSE: drop-standard-output-error-systemd.patch,
|
||||
# https://github.com/t-woerner/firewalld/pull/67(pending) -- Do not supress
|
||||
# stdout/stderr for firewalld
|
||||
Patch0: drop-standard-output-error-systemd.patch
|
||||
# PATCH-FIX-UPSTREAM: 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
|
||||
# Drop python shebangs
|
||||
Patch0: 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
|
||||
# PATCH-FIX-UPSTREAM: 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch
|
||||
# Do not access the ifcfg directory if it does not exist
|
||||
Patch1: 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch
|
||||
BuildRequires: desktop-file-utils
|
||||
BuildRequires: docbook-xsl-stylesheets
|
||||
BuildRequires: gettext
|
||||
@ -54,9 +56,7 @@ Requires(post): %fillup_prereq
|
||||
Recommends: %{name}-lang
|
||||
Suggests: susefirewall2-to-firewalld
|
||||
BuildArch: noarch
|
||||
%if 0%{?suse_version} >= 1210
|
||||
BuildRequires: systemd-rpm-macros
|
||||
%endif
|
||||
|
||||
%description
|
||||
firewalld is a firewall service daemon that provides a dynamic customizable
|
||||
@ -91,6 +91,7 @@ firewalld.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
%configure --enable-sysconfig --enable-rpmmacros
|
||||
@ -182,7 +183,7 @@ fi
|
||||
%{_libexecdir}/firewalld/services/*.xml
|
||||
%{_libexecdir}/firewalld/zones/*.xml
|
||||
%{_datadir}/polkit-1
|
||||
%{_sysconfdir}/rpm/macros.firewalld
|
||||
%config %{_sysconfdir}/rpm/macros.firewalld
|
||||
%dir %{_sysconfdir}/dbus-1
|
||||
%dir %{_sysconfdir}/dbus-1/system.d
|
||||
%attr(0750,root,root) %dir %{_libexecdir}/firewalld
|
||||
@ -192,6 +193,7 @@ fi
|
||||
%attr(0750,root,root) %dir %{_libexecdir}/firewalld/services
|
||||
%attr(0750,root,root) %dir %{_libexecdir}/firewalld/zones
|
||||
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld
|
||||
%attr(0750,root,root) %{_datadir}/firewalld/tests
|
||||
%config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
|
||||
%config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
|
||||
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes
|
||||
@ -230,6 +232,7 @@ fi
|
||||
%attr(0755,root,root) %{_bindir}/firewall-config
|
||||
%{_datadir}/firewalld/firewall-config.glade
|
||||
%attr(0755,root,root) %{_datadir}/firewalld/gtk3_chooserbutton.py*
|
||||
%attr(0755,root,root) %{_datadir}/firewalld/gtk3_niceexpander.py*
|
||||
%{_datadir}/applications/firewall-config.desktop
|
||||
%dir %{_datadir}/appdata
|
||||
%{_datadir}/appdata/firewall-config.appdata.xml
|
||||
|
||||
Loading…
Reference in New Issue
Block a user